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DETAILED ACTION 
Response to Amendment 

1. This Office Action is responsive to the amendment filed July 14, 2005, in which claims 1, 
7 and 1 1 were amended and claims 4, 10, 15-19 canceled. 

Response to Arguments 

2. Applicant's arguments filed July 14, 2005 have been fully considered but they are not 
persuasive. 

3. Apphcant amended claim 1 by inserting the hmitation of claim 4 and amended claim 7 by 
included the featxires of claim 10. Apphcant argues that neither Balaz, Cook or Benantar shows 
or suggests retrieving a second certificate reference to a second certificate wherein the second 
certificate is issued to an issuer of the first certificate and then transmitting the second certificate 
reference as part of the message. In response to applicant's arguments against the references 
individually, one cannot show nonobviousness by attacking references individually where the 
rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 

USPQ 871 (CCPA 1981); In re Merck & Co,, 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

4. Claims 1-3, 5-9 and 11-14 have been examined. 

Claim Rejections - 35 (JSC §103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
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6. Claims 1-3,5,6 and 17 are rejected under 35 U.S.C. 103(a) as being unpatentable over US 
Publication No. 2004/0177281 to Balaz et al. and US Publication No. 2004/0215959 to Cook et 
al. in view of US Publication No. 2002/0073310 to Benantar. 

Balaz et al. disclose digitally signing a message (i.e. "request") using a first private key 
associated with the sender (i.e. "router"), see paragraph [0084], retrieving a first certificate 
reference (i.e. "serial number') associated with a first certificate, the first certificate including a 
first public key corresponding to the first private key and transmitting to the recipient via the 
network an authenticated message comprising the digitally signed message and the first 
certificate reference (see paragraphs [0046], [0085] & [0086]). Balaz et al. disclose a public key 
infi-astructure that comprises a certificate authority that issues the first certificate and the 
associated first certificate reference (see paragraph [0086]). Balaz et al. do not expressly 
disclose storing the first certificate and the associated first certificate reference in a public key 
infi-astructure, a second certificate reference associated with a second certificate. Cook et al. 
disclose the first certificate and the associated first certificate reference are stored in a public key 
infi-astructxire (see paragraph [0007] and [0018]). Benantar discloses a second certificate 
reference associated with a second certificate (see claim 1, lines 4-7). At the time the invention 
was made, it would have been obvious to a person of ordinary skill in the art to modify the 
method disclose by Balaz et al. to store the first certificate and its reference in a public key 
infi-astructure and a second certificate. One of ordinary skill in the art would have been 
motivated to do this because it provides a secure system. 
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Referring to claim 2, Balaz et al. disclose transmitting the first certificate via the network 
to the public key infi*astructure prior to transmitting the authenticated message (see paragraph 
[0036]). 

Referring to claim 3, Balaz et al. disclose the first certificate reference is determined from 
an identity of the sender and a serial number of the first certificate (see paragraph [0085]). 

Referring to claim 5, Balaz et al. disclose the network is the Internet (see paragraph 
[0032]). 

Referring to claim 6, Balaz et al. disclose encrypting the message suing a second pubUc 
key, wherein the recipient holds a second private key corresponding to the second pubUc key 
(see paragraph [0046]). 

Referring to claim 17, Balaz et al. disclose at the sender side: Balaz et al. disclose 
digitally signing a message (i.e. "request") using a first private key associated with the sender 
(i.e. "router"), see paragraph [0084], retrieving a first certificate reference (i.e. "serial number') 
associated with a first certificate, the first certificate including a first public key corresponding to 
the first private key and transmitting to the recipient via the network an authenticated message 
comprising the digitally signed message and the first certificate reference (see paragraphs [0046], 
[0085] & [0086]). Balaz et al. disclose a public key infrastructure that comprises a certificate 
authority that issues the first certificate and the associated first certificate reference (see 
paragraph [0086]) and at the recipient side: receiving the message, transmitting the first 
certificate reference to a public key infrastructure via the network, receiving from the public key 
infrastructure via the network (see paragraph [0086]) and authenticating the digitally signed 
message using the first public key (see paragraph [0046]). Balaz et al. do not expressly disclose 
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storing the first certificate and the associated first certificate reference in a public key 
infi'astructure. Cook et al. disclose the first certificate and the associated first certificate 
reference are stored in a public key infi^astructure (see paragraph [0007] and [0018]). At the time 
the invention was made, it would have been obvious to a person of ordinary skill in the art to 
modify the method disclose by Balaz et al. to store the first certificate and its reference in a 
public key infirastructure. One of ordinary skill in the art would have been motivated to do this 
because it provides a secure system. 

7. Claims 7, 9, 1 1 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Balaz et al. and US Patent No. 6012039 to Hoffinan et al. in view of Benantar. 

Referring to claim 7, Balaz et al. disclose transmitting the first certificate reference to a 
pubhc key infi-astructure via the network, receiving firom the public key infirastructure via the 
network a first certificate corresponding to the first certificate reference, the first certificate 
including a first public key (see paragraph [0086]) and if the first certificate is trusted, 
authenticating the digitally signed message using the first public key (see paragraph [0046]). 
Balaz et al. do not expressly disclose determining whether the first certificate is trusted and a 
second certificate reference associated with a second certificate and a second public key. 
Hoffinan et al. disclose determining whether the first certificate is trusted (see abstract, lines 20- 
25). Benantar discloses a second certificate and second public key (see claims 1, lines 4-7). At 
the time the invention was made, it would have been obvious to a person of ordinary skill in the 
art to modify the method disclose by Balaz et al. to include the step of determining whether the 
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first certificate is trusted, a second certificate reference and a second public key. One of ordinary 
skill in the art would have been motivated to do this because it provides security. 

Referring to claim 9, Balaz et al. disclose a first certificate (see claim 7 above). Balaz et 
al. do not expressly disclose identifying a first issuer of the first certificate, comparing the first 
issuer to each of at least one trusted issuer, and if the first issuer is the same as one of the least 
one trusted issuer determining that the first certificate is trusted. Hoffinan et al. disclose 
identifying a first issuer of the first certificate, comparing the first issuer to each of at least one 
trusted issuer, and if the first issuer is the same as one of the least one trusted issuer determining 
that the first certificate is trusted (see abstract, Hens 20-25, col. 13, Hnes 5-15 and col. 10, lines 
34-38). At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to modify the method disclose by Balaz et al. to include the steps of disclose 
identifying a first issuer of the first certificate, comparing the first issuer to each of at least one 
trusted issuer, and if the first issuer is the same as one of the least one trusted issuer determining 
that the first certificate is trusted. One of ordinary skill in the art would have been motivated to 
do this because it prevents fi'aud and prohibits unauthorized individuals fi*om conamunicating 
with the entities in the system. 

As for claim 1 1, see claim 7 rejection above, in which the determination process is 

taught. 

Referring to claim 12, Balaz et al. disclose the network is the Internet (see paragraph 
[0032]). 

8. Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over Balaz et al. , 
Hoffinan et al. and Benantar as applied to claim 7 above, and fiirther in view of Cook et al. 
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Balaz et al. disclose a public key infrastructure that comprises a certificate authority that 
issues the first certificate and the associated first certificate reference (see paragraph [0086]). 
Balaz et al. do not expressly disclose storing in a local keystore the first certificate and the first 
public key. Cook et al. disclose storing in a local keystore the first certificate and the first pubHc 
key (see paragraph [0007] and [0018]). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to modify the method disclose by Balaz et al. to 
store the first certificate and public key in a local keystore. One of ordinary skill in the art would 
have been motivated to do this because it provides a secure system 

9. Claims 13 and 14 are rejected under 35 U.S.C. 103(a) as being unpatentable over Balaz et 
al. in view of Benantar. 

Referring to claim 13, Balaz et al. disclose determining whether the first certificate 
reference is stored within a local keystore {notice, the certificate authority accesses its records to 
identify the certificate corresponding to the given serial number), if the first certificate reference 
is stored within the local keystore: retrieving firom the local keystore a first public key associated 
with the first certificate reference {the certificate is retrieved which includes the public key and 
reference)^ see paragraph [0086] and if the first certificate reference is not stored within the local 
keystore: transmitting the first certificate reference to a public key infi-astructure, receiving fi*om 
the public key infi-astructure a first certificate, the first certificate including a first public key (see 
paragraph [0086]). Balaz et al. do not expressly disclose determining whether the first certificate 
is trusted and adding information to the local keystore, the information including at least the first 
certificate reference and the first public key. Benantar discloses determining whether the first 
certificate is trusted and adding information to the local keystore, the information including at 
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least the first certificate reference and the first pubUc key (see claims 1 & 7). At the time the 
invention was made, it would have been obvious to a person of ordinary skill in the art to modify 
the method disclose by Balaz et al. to include the step of determining whether the first certificate 
is trusted and adding information to the local keystore, the information including at least the first 
certificate reference and the first public key. One of ordinary skill in the art would have been 
motivated to do this because it provides security. 

Referring to claim 14, Balaz et al. disclose authenticating the digitally signed message 
using the first public key (see paragraph [0046]). 

Conclusion 

10. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS firom the maiUng date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated firom the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the maifing 
date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is (571) 272-6714. The 
examiner can normally be reached on Mondays-Thursdays 8:30 - 7:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on (571) 272-6712. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300 for Regular/After 
Final Actions and 571-273-6714 for Non-OfiFicial/Draft. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpubhshed 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Any response to this action should be mailed to: 



Commissioner of Patents and Trademarks 




October 3, 2005 



